github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-09 07:03:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
60e9babfda
linux/drivers/misc
History
Vishnu DASA d202b5adcc VMCI: Fix integer overflow in VMCI handle arrays 
commit 1c2eb5b285 upstream.

The VMCI handle array has an integer overflow in
vmci_handle_arr_append_entry when it tries to expand the array. This can be
triggered from a guest, since the doorbell link hypercall doesn't impose a
limit on the number of doorbell handles that a VM can create in the
hypervisor, and these handles are stored in a handle array.

In this change, we introduce a mandatory max capacity for handle
arrays/lists to avoid excessive memory usage.

Signed-off-by: Vishnu Dasa <vdasa@vmware.com>
Reviewed-by: Adit Ranadive <aditr@vmware.com>
Reviewed-by: Jorgen Hansen <jhansen@vmware.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-07-14 08:11:21 +02:00
..
altera-stapl
c2port
cardreader
cb710
cxl cxl: Wrap iterations over afu slices inside 'afu_list_lock' 2019-03-23 20:10:03 +01:00
echo
eeprom eeprom: at24: fix unexpected timeout under high load 2019-07-03 13:14:46 +02:00
genwqe genwqe: Prevent an integer overflow in the ioctl 2019-06-11 12:20:54 +02:00
ibmasm
lis3lv02d
lkdtm lkdtm: support llvm-objcopy 2019-07-14 08:11:21 +02:00
mei mei: bus: move hw module get/put to probe/release 2019-03-23 20:09:39 +01:00
mic mic: vop: Fix use-after-free on remove 2019-02-15 08:10:12 +01:00
ocxl ocxl: Fix endiannes bug in read_afu_name() 2019-01-09 17:38:43 +01:00
sgi-gru drivers/misc/sgi-gru: fix Spectre v1 vulnerability 2018-11-27 16:13:10 +01:00
sgi-xp
ti-st
vmw_vmci VMCI: Fix integer overflow in VMCI handle arrays 2019-07-14 08:11:21 +02:00
ad525x_dpot-i2c.c
ad525x_dpot-spi.c
ad525x_dpot.c
ad525x_dpot.h
apds990x.c
apds9802als.c
aspeed-lpc-ctrl.c
aspeed-lpc-snoop.c
atmel_tclib.c
atmel-ssc.c misc: atmel-ssc: Fix section annotation on atmel_ssc_get_driver_data 2018-11-27 16:13:10 +01:00
bh1770glc.c
cs5535-mfgpt.c
ds1682.c
dummy-irq.c
enclosure.c
fsa9480.c
hmc6352.c misc: hmc6352: fix potential Spectre v1 2018-09-12 09:31:00 +02:00
hpilo.c
hpilo.h
ibmvmc.c misc: ibmvsm: Fix potential NULL pointer dereference 2019-01-31 08:14:35 +01:00
ibmvmc.h
ics932s401.c
ioc4.c
isl29003.c
isl29020.c
Kconfig
kgdbts.c Drivers: misc: fix out-of-bounds access in function param_set_kgdbts_var 2019-06-19 08:18:02 +02:00
lattice-ecp3-config.c
Makefile
pch_phub.c
pci_endpoint_test.c misc: pci_endpoint_test: Fix test_reg_bar to be updated in pci_endpoint_test 2019-06-15 11:54:06 +02:00
phantom.c
pti.c
qcom-coincell.c
spear13xx_pcie_gadget.c
sram-exec.c
sram.c
sram.h
tifm_7xx1.c
tifm_core.c
tsl2550.c
vexpress-syscfg.c misc: vexpress: Off by one in vexpress_syscfg_exec() 2019-02-15 08:10:11 +01:00
vmw_balloon.c